CVE-2023-1427
Photo Gallery by 10Web < 1.8.15 - Admin+ Path Traversal- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the filesystem via a path traversal vector.
We have discovered 36,897 live websites that are affected by CVE-2023-1427.
Affected Software
| Product |  Photo Gallery by 10Web |
| Category | Wordpress Plugins |
| Vulnerable Domains | 36,897 live websites (35.15% of Photo Gallery by 10Web install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 324 versions ( 52.68% of all versions) |
Common Weakness Enumeration
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')Details
- Published - Apr 17, 2023
- Updated - Feb 6, 2025
Credits
- Nguyen Huu Do (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
CVE-2023-1427 usage by Country
 United States | 9,188 websites |
 Germany | 4,523 websites |
 France | 2,133 websites |
 Poland | 2,026 websites |
 Russia | 2,018 websites |
 GB | 1,368 websites |
 Italy | 1,111 websites |
 Netherlands | 1,020 websites |
 Japan | 864 websites |
 Hungary | 681 websites |
CVE-2023-1427 usage by TLD
| .com | 12,898 websites |
| .de | 2,368 websites |
| .org | 1,852 websites |
| .ru | 1,675 websites |
| .pl | 1,568 websites |
| .nl | 937 websites |
| .it | 881 websites |
| .co.uk | 873 websites |
| .net | 786 websites |
| .fr | 738 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-1427
Top websites that are affected by CVE-2023-1427. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.kz |  Kazakhstan | **,*** | |
| ******.name | France | **,*** | |
| ************.ru | Russia | **,*** | |
| ***********.org | United States | **,*** | |
| **********.**.uk | United States | **,*** | |
| ****************.org | United States | **,*** | |
| ***.***.ph |  Philippines | **,*** | |
| ******************.org | United States | **,*** | |
| *****.edu | United States | ***,*** | |
| *********.net | Italy | ***,*** |
FAQ
CVE-2023-1427 is Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Photo Gallery by 10Web
A total of 36,897 websites have been identified as vulnerable to CVE-2023-1427, discovered through global website indexing conducted by WebTechSurvey.
Photo Gallery by 10Web is susceptible to CVE-2023-1427 vulnerability.
Photo Gallery by 10Web versions before 1.8.15 are vulnerable to CVE-2023-1427.
Version 1.8.15 of Photo Gallery by 10Web addresses the CVE-2023-1427 security vulnerability.